Step 1C: Create Custom API Access Level for Carbon Black Cloud Workload Appliance

Create a custom API access level for the appliances in your organization. Creating an access level for your organization is a one-time task and is available only for the Carbon Black Cloud Super Admin role. Using the created custom access level, generate an API key for the appliance.

Creating a custom API access level for your appliance is a one time task for your organization. You can use the same custom access level to configure multiple appliances for your organization.

Procedure

Log in to the Carbon Black Cloud console. Make sure you have Super Admin permissions.
From the left navigation pane, click the Settings > API Access > Access Levels tab.
On the Access Levels tab, click Add Access Level.
Enter a name and description for the custom API access level for your appliance. Enter a name that users in your organization can identify easily. For example, you can add Appliance in the name.
Select the boxes of the permission functions (CRUDE) and include the following access level.
1. Go to Appliances with the permission name as Send workload assets to CBC and select Create.
2. Go to Appliances with the permission name as Appliances Registration and select Create, Read, Update, Delete.
3. Go to Device with the permission name as Sensor kits and select Execute.
4. Go to Device with the permission name as General information and select Read.
5. Go to Live Query with the permission name as Manage queries and select Create, Read, Update, Delete.
6. Go to Vulnerability with the permission name as Vulnerability assessment data and select Read, Execute.
7. Go to Workload Management with the permission name as View workloads without sensors and select Read.
8. Go to Workload Management with the permission name as Install sensor on vCenter workload and select Execute.
9. Go to Workload Management with the permission name as Uninstall sensor on vCenter workload and select Execute.
10. To enable automatic installation and configuration of the host user world module, go to Workload Management with the permission name as Manage host module on ESX server, and select Execute.
11. To enable viewing details on the host user module, go to Workload Management with the permission name as Fetch ESX server details and select Read.
12. To enforce NSX remediation by applying NSX tags on VM worloads, go to Appliances with the permission name as NSX tags, and select Execute.
Click Save.

Results

Using the same custom API access level for the appliance, you can generate the API key for multiple appliances in your organization.

What to do next

Generate API keys for your appliance.